[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Validity periods can be handled more explicitly

To: Robert Hettinga <rah@shipwright.com>
Subject: Re: Validity periods can be handled more explicitly
From: Carl Ellison <cme@cybercash.com>
Date: Mon, 17 Nov 1997 00:40:28 -0500
Cc: Carl Ellison <cme@cybercash.com>, Bob Jueneman <BJUENEMAN@novell.com>, spki@c2.net
In-Reply-To: <v03110724b087c69011c3@[139.167.130.248]>
References: <3.0.3.32.19971105142535.00cd3b30@cybercash.com><s4605a40.006@novell.com>
Sender: owner-spki@c2.net

-----BEGIN PGP SIGNED MESSAGE-----

At 02:25 PM 11/6/97 -0500, Robert Hettinga wrote:
>At 2:25 pm -0500 on 11/5/97, Carl Ellison wrote:
>
>
>> I would worry about any system being designed to handle the purchase of 
oil
>> tankers between networked parties.  We're worried today about buying $0.25
>> photographs, $15 CDs, etc.  I'm quite content to let purchasers of oil
>> tankers fly to a meeting place and conduct business in the flesh.
>
>
>Yes, but what about an oil tanker's worth of currency derivatives? In
>bearer form?  Several trillion dollars of currencies are traded every day,
>for instance, usually between people who don't really know each other, and
>without too much premeditation. Certainly the net's eventually going to be
>the cheapest way to make those trades, and those of other financial
>instruments.
>
[...]

>Be careful what you leave out, folks. It may come back to haunt you later.
>Fortunately, I think what's happened here so far won't have that problem.

I didn't mean to say that SPKI would leave out folks buying either oil 
tankers or bearer currency derivatives.  For such cases -- like for any 
other heavy contract -- we propose what I frequently call a "locator 
certificate".  That is, you might want a certificate from an issuer who 
claims to be able to locate a given person in the event of fraud, up to a 
given future date, for the purpose of serving papers on him (or sending the 
cops after him).  Such a service would be performed for a fee, of course, 
but the certificate would stand for that isseur's promise to perform the 
service (or cover the cost of the fraud, if the issuer fails).

It's just the one-size-fits-all certificate I object to -- especially when 
it has something meaningless in it like a global name.

 - Carl

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQCVAwUBNG/YyxN3Wx8QwqUtAQGQUQP/ap+DaRZ6D56icV6qobg1gTyI1kqioia3
WWKLot35xGjVeRSMESAAfMZLi+n3gD3CbTGkiFCIaBLw1JxCH5sN79c7k904T/zr
5BuFJRLX9AwVvmHIzXGr+9QVkp9YQCGsQKhGrhWLgZ8pJ6QnD39ruXI3YiYO0uwc
FkRZ8CH3TMk=
=aiCp
-----END PGP SIGNATURE-----

+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+

References:

Re: Validity periods can be handled more explicitly

From: Carl Ellison <cme@cybercash.com>

Re: Validity periods can be handled more explicitly

From: Bob Jueneman <BJUENEMAN@novell.com>

Re: Validity periods can be handled more explicitly

From: Robert Hettinga <rah@shipwright.com>

Prev by Date: Re: non-key-sharing
Next by Date: Re: non-key-sharing
Prev by thread: Re: Validity periods can be handled more explicitly
Next by thread: Re: Validity periods can be handled more explicitly
Index(es):
- Main
- Thread